second_factor_auth is boolean type, fix for #1059

SURFscz · Jan 29, 2025 · 43690a3 · 43690a3
1 parent 69e3e6a
commit 43690a3
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 3 deletions.
diff --git a/server/api/organisation.py b/server/api/organisation.py
@@ -229,6 +229,8 @@ def valid_co(collaboration_json):
     for collaboration in json_organisation["collaborations"]:
         collaboration["units"] = [unit["name"] for unit in collaboration["units"]]
         collaboration["tags"] = [tag["tag_value"] for tag in collaboration["tags"]]
+        for collaboration_membership in collaboration.get("collaboration_memberships", []):
+            User.translate_user_mfa_attributes(collaboration_membership.get("user"))
     return json_organisation, 200
 
 

diff --git a/server/db/domain.py b/server/db/domain.py
@@ -119,6 +119,13 @@ def successful_login(self, second_factor_confirmed=True):
     def sanitize_user(user_json: dict):
         return {"name": user_json.get("name"), "email": user_json.get("email")}
 
+    @staticmethod
+    def translate_user_mfa_attributes(user_json: dict):
+        if "mfa_reset_token" in user_json:
+            del user_json["mfa_reset_token"]
+        if "second_factor_auth" in user_json:
+            user_json["second_factor_auth"] = bool(user_json["second_factor_auth"])
+
 
 services_organisations_association = db.Table(
     "services_organisations",

diff --git a/server/swagger/public/schemas/User.yaml b/server/swagger/public/schemas/User.yaml
@@ -54,6 +54,7 @@ properties:
     example: 1644015600
   second_factor_auth:
     type: boolean
+    description: "Indicator if the user has setup MFA in SRAM"
     example: false
   suspended:
     type: boolean

diff --git a/server/test/api/test_organisation.py b/server/test/api/test_organisation.py
@@ -480,12 +480,18 @@ def test_find_api_unit_access(self):
         collaborations = res["collaborations"]
         self.assertEqual(1, len(collaborations))
         self.assertEqual(1, res["collaborations_count"])
-        self.assertEqual(co_ai_computing_name, collaborations[0]["name"])
+        collaboration = collaborations[0]
+        self.assertEqual(co_ai_computing_name, collaboration["name"])
         # Test logic that determined the filtering of CO's with no units or other units than the used ApiKey
         api_key = ApiKey.query.filter(ApiKey.hashed_secret == unihard_hashed_secret_unit_support).one()
         self.assertEqual(1, len(api_key.units))
-        self.assertEqual(1, len(collaborations[0]["units"]))
-        self.assertEqual(collaborations[0]["units"][0], api_key.units[0].name)
+        self.assertEqual(1, len(collaboration["units"]))
+        self.assertEqual(collaboration["units"][0], api_key.units[0].name)
+        users = [cm.get("user") for cm in collaboration.get("collaboration_memberships")]
+        self.assertEqual(5, len(users))
+        for user in users:
+            self.assertFalse("mfa_reset_token" in user)
+            self.assertTrue(isinstance(user.get("second_factor_auth"), bool))
 
     def test_search_users(self):
         self.login("urn:harry")